[tor-talk] Using VPN less safe?

Paul Syverson paul.syverson at nrl.navy.mil
Mon Jan 25 15:25:20 UTC 2016


On Sun, Jan 24, 2016 at 04:13:18PM -0800, Spencer wrote:
> >
> >leave the route selection to Tor
> >
> 
> Is this that trust thing people are always talking about?
> 

A little terse to know, but onion routing is designed around diversity
of trust. Just to be clear, this does not mean 'let the Tor Project
Inc. or the Tor Director Authorities (itself a diverse set)
or... select a route and hand it to you'. It does mean 'let the Tor
software use its randomized algorithms to select a route that makes
tradeoffs of performance and security that experts have thought about'.

There are of course configuration settings so you can do differently
if you want. If anyone wants to do that, they should try to make as
informed a choice as possible and understand what the issues are. We
have made a number of mathematical and experimental analyses, policy
languages, etc. available to understand trust in route selection for
Tor or other onion routing systems, taking into account a wide range
of adversary types. The most recent published work we have on this is
"20,000 In League Under the Sea: Anonymous Communication, Trust,
MLATs, and Undersea Cables" available at
http://www.degruyter.com/view/j/popets.2015.1.issue-1/popets-2015-0002/popets-2015-0002.xml?format=INT

This is ongoing evolving research. This is not ready for deployment
for everybody's Tor clients to do their own trust-aware route
selection.  And, one of the observations of this work is that you
should probably always use the default settings unless you have
specific other adversaries in mind and understand how diverging from
the pack will affect you.  What this work will do is help people who
want to use different route selection choices to understand those
choices, and it will eventually impact the default and alternative
route selections built into the Tor software.  

It also focuses just on route selection.  Tor does other things to
diversify trust.  For example, Tor's binaries have for the last few
stable releases reflected reproducible (or determistic) builds, which
means that people can independently verify that the officially
distributed binaries are compiled from the officially distributed
source programs. If they did not match, anyone could test and expose
that.  See
https://blog.torproject.org/category/tags/deterministic-builds

aloha,
Paul


More information about the tor-talk mailing list